The "quit" above is what I typed.
============================
But I'm not clear about sasl and about pam. What am I doing, or what is, or
where is what, wrong, in the configuration, in the system...?
============================

which tells us that only that file of the entire package is changed from
default.

I use the signed portage snapshots and update my system with emerge-webrsync. I
also have a local private mirror for my systems, and I rsync and update those
away from my air-gapped master Gentoo system, then thoroughly check the rsync
downloads and only then update my master Gentoo, from which I clone any of my
other two or three Gentoo systems. The air-gapped install can be found
explained, among other places, in

Bingo! That did it!
If you want just to see how it worked, go to PART 3.
If you want the whole story, read all as posted.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
======= cut off from this line to end if verifying hashes =======
File corresponding to this post: Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider_PART1.txt,
which has some data concealed
has Publictimestamp # 1240484
and is based on non-concealed, unprotected, so not
published full data file Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider.txt
with Publictimestamp # 1240508
--
publictimestamp.org/ptb/PTB-21547 sha256 2014-09-05 18:01:46
E19499140167F375D4D69952569EFBBDB2AB10842FDD26E7EC75509CD1736FDD

Last edited by miroR on Sun Feb 08, 2015 1:23 am; edited 4 times in total

I really shouldn't be risking coming out with my poor user's security methods,
but when you see what is up against my freedom, you will probably agree that
it's worth disclosing it.

It's nothing new in the GNU/Linux world, but less experienced users than me
will find it useful.

This is how I basically clone my systems.

It's not strictly necessary for the systems to be based on the same MBO, but they
surely have to be of the same architecture, and if they are of the same model MBO,
all is actually very easy. (If they're not the same model, it can be much more
difficult.)

This part needs your true understanding, else don't try to do it; you can very
easily ruin your installation (the software), and maybe, although not so
likely, even worse scenarios are possible.

I have to change the numbers a little, but this is very similar to what my HD
drive actually is, the HDD on which my installation, which is perfectly
cloneable, sits, and that installation is up and running as I speak. This one
actually was cloned from another one, and this one is destined to be the
online air-gapped system (no SOHO access, standalone from SOHO), while there
are another two or three that remain offline (only SOHO access, no online
access). But, as a matter of principle, they are all inter-cloneable.

and cd into a directory somewhere completely outside of that system, which must not
be mounted, and must not be used in any way by any process (which is just
generally the case upon booting a machine from a CD- or USB-installed
system like sysresccd).

It's best if you mkdir an empty directory on a whole different disk
and cd into there, because an installation is a lot of GB to dump (and it's
not too expensive nowadays to get a USB-3 storage adapter, and HD drives are
not that dear either), and once we are sure we have room enough, we need to
dump those partitions.

Again, it really depends on how you installed your system. It really can
be something totally different.

But in my case, it's pretty simple. I just need to dd ([d]isk [d]ump)
/dev/sda2 and /dev/sda3 (or if they are named differently, see above). So I
only need to:

[ I have lots of files starting with dates, and to cut their names shorter, I
decided to use A-K instead of 10-19, so E is 14, in all the files in this
text named E09... and similar ]

[ The n4m3 is the hostname part of the name. ]

Code:

# dd if=/dev/sda2 of=E0904_sda2_n4m3.dd
...
#

This one is quickly done, and it'll soon throw out the size of the partition that
it has dumped (not reproducing it, because I'm writing from memory
now), and return the command line prompt.

The same notice, followed by "Done", will be thrown on the same standard output
by the next command below, but that one will take a much longer time:

Just for this article to contain complete info on cloning, these dumps (only
two) suffice for me to clone the system onto another same size/model HDD on
a same model MBO computer. After having created the exact same GPT partitions on
it, as previously shown, in case of an empty HDD (for being zeroed out, or for
being new), I just run:

And then there is, first, the chrooting into the cloned system (see the Gentoo
Installation Guide) and installing grub2, and there sure are tweaks to do to
assign a different local IP to it on the SOHO, but there is hardly any other
work, and it's up.

Now, while I changed the sizes, these sha256 sums below are very much exactly
my numbers, for those exact disk dumps.

Namely, I have evidence of particular workings against me in this disk-dumped
system that is now frozen in time and will be publictimestamped, and then only
police brute force and stuff like breaking into my apartment to vandalize my
computers could destroy that evidence, which I hope won't yet happen, but in
Croatia we have slowly been starting to fear in the early morning hours...

Excuse me for the one line "digression" above, but the story wouldn't be really
complete without it. So quoted. Because it is not really a digression.

This is poor user's forensics in action. I didn't learn this at university or
elsewhere, I taught myself this from GNU/Linux man pages, forums, tutorials,
tips and tricks and the rest, and I can see that it works.

Now my / (root) partition is some 70G, and that's a lot. You can't put that on
the internet, right?

But this kind of freezing of a state of a system can be used not just for
cloning (which in itself is backup and restore, only not on the same but another
system). It can also serve as evidence of what happened in a particular
period or around a very particular (more on that later) moment in your use of
your computer.

And that is what I dd'ed my system for, this time around. Not for cloning,
because it had been freshly cloned from the air-gapped SOHO-only system some
twenty-something hours earlier, and I had been on the internet just in brief
intervals, very carefully monitoring everything I did (I had recently installed
iptables as well, and proper ulogd logging).

I was saying how my / (root) partition was some 70G and how I couldn't put
that on the internet.

On the other hand, what is necessary to do, if one wants to identify a
particular something, any kind of electronic document, and that huge 70G
file is one single electronic entity too... What is necessary to do is to
identify these partitions by calculating their checksum.

That is, those two partitions, very real ones, are in extremely great
likelihood the sole ones in the whole of the universe to have those hashes. Any
mathematician will tell you that. Well, the universe, Einstein is reported to
have said, he was not sure was infinite, but the chances are so unimaginably slim
that anything else in, say, the world sensibly has those numbers in any case.

However, while that's certainly evidence, you can't really put it anywhere...
If circumstances arose though, say in court, I could (unless those brutalities
that regimes do happened to me and my possessions first), I could
produce those, for sure...

But for practical purposes, if, say, a discussion ensued where people wanted to
check on my claims, and that discussion was happening on some GNU/Linux forums,
no, I couldn't easily use those.

But I found another one of my poor user's forensics methods to apply here and
with it be able to use something a little less, but still very, convincing.

I believe even interested lower level intermediate users, or very bright
beginners can understand these commands above, if they dedicate a certain
amount of time to study the good ole apparently dry and of the proverbial
steep learning curve, but so fine and friendly in the end, GNU/Linux man
pages... and many GNU people tutorials and things. GNU has informal meaning
for me. Richard Matthew Stallman has started the movement, but it's anybody's
and it's anywhere. It still shines and it really still rules. And it's really
one of the last defenses for freedom and democracy in the world which is still
strong in our Orwellian now post-Snowden age.

Let me just point out how those dumped partitions' SHA256 hashes would be gone
forever if I hadn't done the "losetup" commands followed by, especially, the
"blockdev --setro" commands...

If I had done the "mount" commands, or if I were to do them ever after I
publish this article, without assuring myself that the loop device with the
partition on it was returning "1" when the "blockdev --getro" command was run on
it, the dumped partitions would have been mounted read-write and would have
lost the identity which they had before, at the time the hashes were
calculated on them!

But there's more to say here. I didn't say it before, because it is much
easier to say why now, while it wouldn't have been so obvious and
understandable before.

You can see that I dumped the partitions onto two different storage units. That
increases my chances of having these huge identifiable documents intact at some
later date. I haven't read anything mathematical in a long time, but that
increases my chances something like exponentially, I guess.

And what's more, those jacksum lines tell that I ran jacksum on both the
mounted partitions. Those are two instances of the same frozen Gentoo system
of mine, on two different storage units, and I ran jacksum on them to get the
hashes of all (sic!) the files in them!

What will the diff be? The question is for newbies, sure. Big boys, don't get
annoyed, I always write with a desire to get more newbies into GNU/Linux.

I guess a lot is clear about what I wrote above, just that very particular
moment in my use of my computer that I want this whole affair to serve as
evidence for, is not yet clear, is it? No, it's not yet. It can't be clear
yet. Patience please, just a little longer. Some things take time to present.

Let's go back to my configuration of smtp-tls-wrapper and friends, because
therein will lie the very particular moment in the electronic processes of this
computer in service of my electronic mailing needs, so big boys, skim through
this and find that piece of information quickly yourself if you're impatient,
in the text some distance below from here.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
======= cut off from this line to end if verifying hashes =======
File corresponding to this post: Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider_PART2.txt,
which has some data concealed
has Publictimestamp # 1240490
and is based on non-concealed, unprotected, so not
published full data file Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider.txt
with Publictimestamp # 1240508
--
publictimestamp.org/ptb/PTB-21547 sha256 2014-09-05 18:01:46
E19499140167F375D4D69952569EFBBDB2AB10842FDD26E7EC75509CD1736FDD

Last edited by miroR on Mon Sep 21, 2015 11:08 pm; edited 2 times in total
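The dump / read-only loop / hash / jacksum-and-diff workflow described in the post above, written out as an added example for this page (these are not the author's own commands or scripts, which the post only partly reproduces). The functions work on ordinary files so that the hashing and manifest-diff steps can be exercised without root; the dump and attach steps need root and a real loop device and are shown for completeness. /dev/sda2 and E0904_sda2_n4m3.dd are the post's names; every function name, temporary path and mount point below is an assumption for illustration.

```shell
#!/bin/sh
# Added example, not the author's scripts: the dump / read-only loop /
# hash / per-file manifest workflow from the posts above, as functions.
# /dev/sda2 and E0904_sda2_n4m3.dd are the post's names; every function
# name, temp path and mount point below is an assumption for illustration.

# Pick whichever sha256 tool is present (GNU coreutils or BSD/perl shasum).
sha256_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# The identity of a dumped partition image (or any file): the value
# that gets publictimestamped and re-checked later.
image_sha256() {
    sha256_cmd "$1" | awk '{print $1}'
}

# Re-check an image against the hash recorded at dump time.
# Returns 0 when still byte-identical, 1 otherwise.
verify_image() {
    [ "$(image_sha256 "$1")" = "$2" ]
}

# Root-only: dd a partition to an image file, then prove the copy is
# faithful by hashing source and image and comparing (the partition must
# not be mounted, as the post says).
# Example: dump_partition /dev/sda2 E0904_sda2_n4m3.dd
dump_partition() {
    dev=$1; out=$2
    dd if="$dev" of="$out" bs=4M || return 1
    [ "$(image_sha256 "$dev")" = "$(image_sha256 "$out")" ]
}

# Root-only: attach an image the way the post does, but read-only at
# attach time, and refuse to mount unless the kernel confirms it
# (blockdev --getro prints 1). "noload" keeps ext3/ext4 from replaying
# the journal on a read-only mount; drop it for other filesystems.
attach_image_ro() {
    img=$1; mnt=$2
    dev=$(losetup --find --show --read-only "$img") || return 1
    if [ "$(blockdev --getro "$dev")" != 1 ]; then
        echo "refusing to mount: $dev is not read-only" >&2
        losetup -d "$dev"
        return 1
    fi
    mount -o ro,noload "$dev" "$mnt"
}

# jacksum-style manifest: one "hash  ./relative/path" line per regular
# file, sorted so that two manifests of identical trees are byte-identical.
make_manifest() {
    (cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256_cmd "$f"
    done)
}

# Compare two copies of the same frozen system (the post's two mounted
# dumps). Returns 0 and prints nothing when they match; otherwise prints
# the differing manifest lines, i.e. exactly the files that changed.
diff_manifests() {
    a=$(mktemp); b=$(mktemp)
    make_manifest "$1" >"$a"
    make_manifest "$2" >"$b"
    if diff "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return $rc
}
```

The read-only loop device is what actually preserves the image hash: a plain `mount -o ro` is not enough on ext3/ext4, because a dirty journal is replayed on mount unless `noload` is given, and any replay writes to the image. Making the loop device itself read-only means the kernel will refuse that write instead of silently changing the bytes that were hashed and timestamped.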

and I really do believe that there are good tips in this entire article, useful
tips for people, and I am also proud of my success in solving this non-trivial
mail configuration issue, but...

...[I will try and post on forums.gentoo.org] but who knows if my provider
hasn't gone so berserk in the meantime and has cut my connection out all the
way ... or if other issues prevent my posting of this )

But when I started writing this article, let me assure you that I didn't expect
the "JunkMail rejected" line, as I really hadn't mailed other than a few mails
in months. Not tens of mails, let alone hundreds of mails, let absolutely alone
thousands of mails, no! I have only mailed fewer than a few dozen electronic
messages, if not fewer, and a lot fewer, e-mails in the recent quite a few
months altogether!

So I didn't initially mean this article to be about that part of the story. It
really made my eye pupils go wide, I believe, when I saw that line, but I
started this article after some two weeks of study of postfix, sasl, pam,
stunnel and friends, sensing that I was close to getting it right, and wanting
to post it for the benefit of other users, or, in case that I would still
remain stuck, to ask for help from the Gentoo community.

I have a few things left to do.

The first is to sift through all the above, which in the non-public version (but
with publictimestamp to prove its existence) will have all the data intact; the
first thing is sifting through it and changing whatever of the data is not good
to remain public. Of which data some, such as https://plus.hr who are working
fine (they host my www.CroatiaFidelis.hr domain), and this is actually a fine
recommendation for them, while http://iskon.hr , the provider gone berserk; oh,
it is my pride to disclose on them, because now it's obvious how they like to
do the truly arrogant and senseless censoring on their users. But the numbers,
and various processes and stuff, no, can't remain; lots of changes needed
before publishing this.

The second thing to do is connect with Tor and try and anonymously see the
entry in... http://www.spamhaus.org/query/bl?ip=89.164.147.226 (see it in the
log above)... No! That's just the temporary IP that Iskon gave me. That could
only have been a one time thing. So the second thing is to see whatever this
berserk provider might be doing next to me... Aarrrgghhh!!...

I might also end up needing some help from the bigger Gentoo boys on this. Who
knows yet. I hope you people in your majority still support me in my quest for
knowledge, and freedom, as well as stand with me in the passion for GNU/Linux.

And third thing, there is one Addendum to add right after publishing this, on
my screencast/dumpcap-ing technique generally, and in this affair, and some
more on the hashing plus publicstamping methods for evidence identifying that I
employed.

As far as strictly the smtp-tls-wrapper mode issues, as well as on
backup/cloning methods, I'll be happy to help, if I can, if anyone needs
advice. (However, allow time, I work really slowly on top of being politically
persecuted and therefore unsafe in my own Homeland.)

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
======= cut off from this line to end if verifying hashes =======
File corresponding to this post: Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider_PART3.txt,
which has some data concealed
has Publictimestamp # 1240496
and is based on non-concealed, unprotected, so not
published full data file Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider.txt
with Publictimestamp # 1240508
--
publictimestamp.org/ptb/PTB-21547 sha256 2014-09-05 18:01:46
E19499140167F375D4D69952569EFBBDB2AB10842FDD26E7EC75509CD1736FDD

Last edited by miroR on Fri Sep 05, 2014 8:46 pm; edited 1 time in total

gave two files with exactly the same identifying hash on two different storage
units (hard disks attached via a USB-3 adaptor).

Surely it's a huge text, 82M, not reproducible here, but it's minute in
comparison to the 70G plus 1/2 G of the two dumped partitions. That could be
gzipped to just a few megabytes, encrypted and posted somewhere, no big deal,
in case there were to be a discussion; I'm talking generally for people having
similar issues, which are rare, but it's the persecuted dissidents that push
for and eventually bring about changes in political landscapes, so we are not
a kind to be underestimated and we are not an unimportant kind.

And then what you can do is take any file whichever from that huge list of
thousands of files and safely claim that it was there at that particular time
(sure, if you also timely publictimestamped it).

I can easily prove it (in my case, I sure could trust a small number of
people among the Gentoo community so much, if they gave me their word to
not allow that file any further, and I would encrypt that file to their PGP key, and
they could confirm or not confirm that I was saying the truth; this applies
generally in similar circumstances for anyone else with issues like mine, or
just with needs for hashed and public time stamped evidence like mine).

As far as http://publictimestamp.org goes, their explanations are online
and suffice. Nothing to add there. Just that I really like their program
and service. It's a fine GNU thing, a thing like so many other free things,
thankfully, for us free people on the internet, and by free people on the
internet.

And that last line contains the hashed main Gentoo logfile messages that I
cited heavily from in the main article.

The screencast/dumpcap-ing helped me compare the logs with the network traffic
captures, and so I was able to say that "the logging below" was "chronological
with the commented commands" and produce technically correct reports.

The analysis of network traffic captures, or packet dumps, is however still
not my strong side, such as, I haven't yet figured out what really happened
with what this screencast shows (I also have an accompanying dump there)

but there is the same one suspect certainly there to not dismiss, now with
this knowledge and evidence.

I always, well really most of the time (it is a hefty overhead of work on
top of whatever I'm doing when I go online), I nearly always keep
screencast/dumpcap-ing along...

By the way, the adding of me to the spamhaus.org RBL has nothing to do with the
email that I sent. The email was to the hoster of my domain CroatiaFidelis.hr.
It was a support issue connected exactly to the problem in the above
screencast.

It also has nothing to do with the n4m3.localdomain not being accepted for
being a fantasy domain either, because, if someone doubted that, I could
present the email, because the email was regularly sent with all the necessary
translations previously put in /etc/postfix/generic, so it was sent with the

Code:

From: mrovis.fake@croatiafidelis.hr

(only with my real address), so that was pure arrogance toward me, the user.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
======= cut off from this line to end if verifying hashes =======
File corresponding to this post: Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider_ADDENDUM.txt,
which has some data concealed
has Publictimestamp # 1240502
and is based on non-concealed, unprotected, so not
published full data file Gen_140905_smtp-tls-wrapper-mode_and_beserk_provider.txt
with Publictimestamp # 1240508
--
publictimestamp.org/ptb/PTB-21547 sha256 2014-09-05 18:01:46
E19499140167F375D4D69952569EFBBDB2AB10842FDD26E7EC75509CD1736FDD

Talking of this outdated smtp-tls-wrapper-mode it will be useful here for
users who may have not spent so much time as me configuring it, to know why it
is still around.

While I presume (I haven't mailed in many years with any tool by Billy the legal
plunderer of the wealth of the lazy and/or stupid, or plain underinformed and
unhelped majority of the world, so a moral criminal, turned eugenical
philanthropist, aarrgghhh!!)... So while Windoze 7/8 I presume is on terms with
STARTTLS, the ole glorious (oh yeah...) XP is not, and it's still very much
used:

Couple that information with a recent thread, August 2014, from postfix-users
mailing-list.

That one M$ instance, the XP Windoze, IIUC, has the Outlook client as default.
Lots of those, I'd believe, in my country and many other countries, so my
Plus.hr hoster will keep catering for them, and that means smtp-tls-wrapper
mode isn't going anywhere for years to come.

Couple that information with this recent thread, in which you can see, the
information of our interest, what postfix developers say about it:

To support Outlook as an SSL/TLS submission client, you need to
setup the smtps (input) wrapper-mode service as described in
TLS_README. Outlook indeed does not support "TLS" (that is
STARTTLS) and only supports SSL encapsulated SMTP on port 465.

Let me just sum up:

"Outlook indeed does not support "TLS" (that is STARTTLS)" (Viktor Dukhovni),
the STARTTLS which would have been much easier to configure on the client
side, which this topic of mine here on Gentoo Forums that you're reading right
now is about, as well as on the server side, which that thread on
postfix-users is about.

So much for this (difficult to deal with) legacy case to stay longer with us.

But I'm actually a little relieved, because I tried for weeks last year and
wasn't able to configure postfix for this smtp-tls-wrapper scenario, and had
to go for the incomplete (no local mail) sSMTP, which is much easier to
configure.

discarding/skimming through wrong guesses and unsuccessful configurations, and
you should be able to find fine advice there somewhere, and, importantly, in
the links from there, such as my really successful getmail and maildrop
deployment.

And if you are using Iptables, which is another basic need for Air-Gapped,

Next in this topic, I thought I'd put a summary from the dumpcap network
packet capture of those few moments that I stowed away the entire snapshot of
my Gentoo installed system in two different storages for.

For the newer users of Gentoo, if they reach here, to understand a little more
easily, there is one unknown to clear up now: the urd, which wasn't in the
previous texts, but is only a synonym for the other names for the same port
already used, which are dealt with in the previous posts.

Now there will be less unknowns in the Wireshark dump_140904_2317_g0n.pcap
network packet capture file, which gives us another angle at those moments of
my first successful sending with Postfix with stunnel, sasl and friends.

[which tentative] now, as imperfect as it has been, and as imperfect as I have
been able to express myself there in that topic and topics linked to, for you
to rummage through and figure out your own Air-Gapped, or some other, way,
that tentative does seem to be successful...

[The packets shown are not easy for a newbie to understand], but the
Air-Gapped Gentoo system how I install it, and which I recommend to anyone who
wants to live free, free like true GNU, like true GNU/Linux the dying and
being exterminated kind:

[which I recommend to anyone who wants to live free], which freedom there is
none, nada, zilch, without privacy, and only liars or the stupid could claim that
there were no backdoors, so no one did so here:

[only liars or the stupid could claim that there were no backdoors], no surveillance
wholesale, no intrusion in your privacy in the mainstream GNU/Linux, the
defeated kind of today, on you, dear gentle poor Joe user like me, in this day
and age of the post-Snowden Orwellian time.

[The packets shown are not easy for a newbie to understand,] but the
Air-Gapped Gentoo Install that I recommend to any thinking GNU/Linuxer, needs
at least fair understanding of matters like packet captures, for its
successful deployment in defence of your privacy, conditio sine qua non,
condition without which there isn't any, freedom.

Fair understanding. I don't understand those in full either, but I am heading
toward possessing a reliable Gentoo GNU/Linux that is not owned by anyone but
me who installed it, which is just not the usual case, other than with the
elite, who not all tell you all they know, and not even all that you really
need to know, and in terms of the GNU freedom, are entitled to know, dear
fellow user.

There would be other issues that a newbie would not understand, like
certificates. Those can be studied in two places where knowledge is freely
given to public by real experts.

And here are some of the packets with the critical information, the packets
23, 29, 41, 42, 52 and 59, for our figuring out how the network handshakes,
the certificates and the encryption (which encrypts not the headers which are
visible, but only the body of the message) goes:

That is how a free GNU/Linuxer (which I'm not a model of, just striving to be),
once she or he gets their mail configured should be able to check on their sent
mail and see there are certificates and TLS lines, and all.

Sure, if the provider is fine, the mail will be sent with these great programs
that I have employed and shown here.

Thanks everybody for the patience, and thanks Gentoo GNU/Linux community for
great opportunity for a real Operating System, however non-mainstream and so
necessarily so much more difficult to compile it, that it may have been.

I'll be around for a little longer if there are replies. More than probably, a
day or so later repliers might need to wait for me to find time to visit here.
I am oldish and not very healthy, and I work really slowly.

Miroslav Rovis
Zagreb, Croatia
http://www.croatiafidelis.hr
======= cut off from this line to end if verifying hashes =======
File corresponding to this post: Gen_140904_2317_dump_n4m3_TLS_divers_analysis.txt,
has the Publictimestamp # 1240742
I noticed and applied some corrections to it soon afterwards
the new file Gen_140904_2317_dump_n4m3_TLS_divers_analysis_COR.txt
has Publictimestamp # 1240754
--
publictimestamp.org/ptb/PTB-21564 sha256 2014-09-07 21:01:45
FF9C8DA3C10A938B7E53262E65CB81CC634A467945B60CC3FC978C7E3FBE1B64
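The client-side arrangement the quoted postfix-users answer implies, written out as an added example for this page; it is not the author's actual configuration (which the post does not reproduce), and the hostname smtp.provider.example, the local port 10465 and the file paths are placeholders, not values from the post. Postfix hands mail to a local stunnel running in client mode, and stunnel wraps the session in TLS to the provider's port 465, the same wrapper-mode port the quote says Outlook uses. The part worth checking is the verifyChain / checkHost pair: without them stunnel still encrypts, and the packet capture still shows a TLS handshake, but any certificate is accepted.

```ini
; /etc/stunnel/stunnel.conf (client side): take plain SMTP from the local
; Postfix and deliver it TLS-wrapped to the provider's wrapper-mode port.
; Hostname, ports and paths are placeholders (assumed, not from the post).
[smtps-client]
client      = yes
accept      = 127.0.0.1:10465
connect     = smtp.provider.example:465
; Verify the certificate chain AND the name it was issued for. Without
; these, stunnel encrypts but accepts any certificate, so the TLS lines
; seen in the capture prove nothing about who answered on port 465.
verifyChain = yes
CAfile      = /etc/ssl/certs/ca-certificates.crt
checkHost   = smtp.provider.example

# /etc/postfix/main.cf (client side): relay everything through the local
# stunnel hop and authenticate with SASL over it.
relayhost = [127.0.0.1]:10465
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Postfix sees the hop to 127.0.0.1 as plaintext, so the default
# "noplaintext" would refuse PLAIN/LOGIN; keep only "noanonymous".
smtp_sasl_security_options = noanonymous
# stunnel does the TLS; do not let Postfix try STARTTLS on the local hop.
smtp_tls_security_level = none

# Postfix 3.0 and later can do the wrapper mode itself, without stunnel,
# and then verifies the provider's certificate on its own:
# relayhost = [smtp.provider.example]:465
# smtp_tls_wrappermode = yes
# smtp_tls_security_level = secure
# smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
```

The sasl_passwd file holds the provider password in clear, so it should be owned by root with mode 0600 and turned into a map with postmap before Postfix is reloaded; the generated .db inherits the same need for tight permissions.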

EDIT Sun 18 Jan 21:21 CET 2015 Reformatted for better viewing.
And if I may add one thing, about Gentoo. I don't think there is anything more important than security for your computer in virtual life, just as the keys to your home are in real life. And I regret not having mentioned that when I wrote to T-com and readers here how I get security in my system.

There is no more powerful system today by design than Grsecurity/Hardened Gentoo (or Funtoo, I can't help but give a link here to a dream of mine....)
When I wrote below about how safe my system relatively is, the info of today was missing.
EDIT END
--
This is, first the header, then the text of the email, that I will be sending to the address shown below, and I'll be sending it from my address shown below, in the headers, after posting it here.

The sole difference between the email proper and the post I converted it into, is in formatting which I may try to adapt a little better yet for viewing on these forums, while I wait to see possible reactions.

But later, if this part of the entire story which has three topics in itself so far: cloning/backup method, postfix-tls-configuration, and censorship revealed by analysis of the packets captured...

But I will reformat this text more nicely for viewing later, if this part, which is about hard-to-deny censorship, and which is somewhat more on the social than the technical side of the entire, predominantly technical, story that I have deployed here so far, if this part is allowed here, as I ask more clearly and in detail towards the end of the email/post, at the bottom.

This is, however, necessary for the understanding of the entire topic, and is pretty healthy for your mind to really understand the dire need that we, as a community of freedom loving hackers (not crackers, but hackers, not criminals, but lovers of honesty and truth and common good in the internet and computing world, hackers of which I am certainly more of an aspirant than a member, my technical prowess being far too low, as yet, and likely to remain so)...

This somewhat more social part of this story is, however, healthy for the minds of especially new Gentoo and generally FOSS Linux users, to grasp the necessity and the dire need to build methods in the fight for our privacy.

I am not talking about the necessity of only the ideas and the methods that I learned and put in practice so far, I'm actually saying that when you read this, you will clearly understand that even more, even much more, might really be needed. This fight may yet be getting, as it already has for some of the best hackers in the world, some actually completely innocent or just minimally to blame... [This fight] for freedom and privacy [may yet be getting], here and there, for some and for other people, really hard.

(This text above is actually the last that I wrote in this post. Bear in mind when reading especially the end part of the email/post. The final thoughts are in this text above, not in bottom.)
---

I'll give a translation, so my English speaking friends can see the problem imposed on me (probably for no reason, or even completely invented, for purposes of censorship; but let's see if we can talk with those at all...).

I'll try and keep to literal translation when I can, will resort to more descriptive and equivalent translation where it fits better.

In case that the above has been committed without your knowledge, you probably have a virus (or a trojan) in your computer. So we kindly ask you to install some antivirus software (or some trojan removal tool) as soon as possible, which would be up to date with the new viruses (trojans), and to cleanse all your computers from which you connected to the internet.

I know you speak English fine, dear T-com, and anyway I noticed it is possible as well to ask for and correspond with you in English. So:

Dear T-com Abuse Service!
==========================

I wouldn't say that what you claim above is true, especially I am absolutely in the certain and clear knowledge that I didn't send any spam myself, on the one hand.

But, although it is very unlikely, I, on the other hand, really can not say that there has been no intrusion ever and in whichsoever way into my computers, in any of some particular periods within the time that I have been your user (just please make sure you read how unlikely it is).

So, what I know, is that I did not send, let alone spam, no!, but almost not any emails whatsoever, almost anywhere at all. So really we can completely dismiss that I were to have spammed other people! Please read on.

The emails that I have sent in, we generally talk just since September 17 2014 when I became your user (although there will be a mention of the immediately previous period), the emails that I sent in this period since September 17, number hardly once or twice the number of fingers on two human hands; although I'd need to go and count those to come up with the exact number, that is the order of that number: not even a few dozen mails, let alone hundreds or thousands of mails, no! And, I'm trying to remember, but, no, I don't think other than one single time, only one single time to two recipients, to helpdesk@iskon.hr and support@plus.hr, all the other emails to one single email address only.

And I am talking mails that I successfully sent from my computer, but most of which weren't ever sent forth by you, T-com, at all, so the numbers not discarded, completely baselessly, as junk by you number even less than that already minuscule number.

So, again, the emails that I sent since September 17 when I became your user are hardly more than maybe twenty or forty emails (and most of those were not sent forth by you at all), but were in brazen and obnoxious fashion discarded as junk by you (via other subjects, read on).

Also, since I joined T-com, it's one sole computer on which I have any mail agents/programs configured for receiving and sending mails, and I send and receive mails from no other computer but that sole one.

And that computor is running probably the best among all FOSS Linux flavors. It is running the Gentoo FOSS Linux, and I built that Gentoo box of mine in particular way that has, through time, even gained some notice in Gentoo community among the more knowledgeable Gentoo circles, and which way of building my Gentoo box has even gained me promotion from lower intermediate level user to somewhat advanced level Gentoo status, since from that method that I described in various posts on Gentoo Forums, newbies to Gentoo can actually learn from, and apply for themselves this particular Air-Gapped method that I described of installing Gentoo.

And please allow me to stress to you that Gentoo FOSS Linux is probably the hardest of FOSS Linux flavors, pretty knowledge learning curve steep and intensive.

And on that Gentoo FOSS Linux of mine I use probably the best and cleanest and most user-empowering mail receiving and sending programs that are really the least prone to snooping and intrusion of probably all and any programs for sending and receiving emails, in the world of today: Mutt, Postfix, Getmail, Maildrop, Dovecot...

And, back to the emails that I sent, again, hardly did any more than a handful of those emails really go past your servers to be forwarded on to the actual recipients. Rather, you sent them, via other subjects, to junk, most of my mails.

Via other subjects such as some spam internet "policing" sites that likely get some sleazy money for, on top of some real spam prevention that they nominally exist for, squeezing and clamping down on political dissent and activism.

Let us be in the clear here, that we are talking e-mail account which I pay for, privately, to Plus d.o.o Pula, www.plus.hr (Pula is a Croatian city in Istra, on the Adriatic coast, near Italian border), and the email address of that account which I pay for is:

miro.rovis@croatiafidelis.hr

Yes, we are talking you, dear T-com, not allowing me to use what I legitimately paid for in my country Croatia, and which is my mail-account about which it can easily be looked up with that provider, www.plus.hr, whether any spam, and when, and in what manner, and by what means, and by which intrusion, if any (I'm speaking theoretically; I know it could only have been intrusion, but you, let's say, don't yet know), [whether any spam] was sent, if any (this is really the moot point: if any!), from their servers.

Glad I am, on the one hand, that you are with this "abuse notice" admitting to sending my emails that I send from miro.rovis@croatiafidelis.hr, to spam, as I proved for Iskon that they did (Iskon who I was a user of, previously to becoming your user), and as I can still demonstrate that you, T-com, have done.

This here, about Iskon, is the mention of the previous period that I promised above, and it can be found out about at:

By the way. I'll try and post this message in another post on that topic on that address. Or you will find a link to this message there in that topic on Gentoo Forums and on that address, today hopefully.

That much about your claim of my, possible (as you thankfully do correct your accusation, but only afterwards, it really sounds despicable!... Thankfully you are not claiming certainty about my "spamming")... That much about your claim of my deliberate "sending" of "spam".

Still, you really really could in just the same fashion, accuse me of, say, jumping from building to building with springs mounted on my shoes, from my Zapruđe block all the way to downtown Zagreb and up to Sljeme over the traitor Government and the outgoing traitor Presidential Palace, over the skyline and without previously having obtained permission from the City authorities for my pranks...

Or you could really really downright accuse me of flying from my apartment in Zapruđe, over the river Sava and all the way over Count Jelačić Square and over the Traitor Prime Minister Milanović's government and over the Presidential Palace where the Traitor President Josipović is about to finally be purged from on February 18 2015, and onto our beautiful Sljeme Mount on the North of the City, there and back with, say, portable wings.

Yeah, you could accuse me, exempli gratia, of flying with portable wings, or jumping through the skyline on springs, to Sljeme.

You really could do that with just about the same level of plausibility as goes for your claim that I were spamming from my computers.

Just about the same level of plausibility you can get for those!

On the other hand, as I took care to put it up front in the top, truly I can not say that there has been no intrusion ever whensoever and in whichsoever way into my computers.

Some snoopers, most notably Google, and others such as various secret services (oh but the latter find the former the best of all accomplices and associates and the paramount spying services provider)... But some snoopers, most notably Google, are still beyond my reach as to what exactly they do when they snoop into my computers, for the little, really tiny amount of the time that I am online.

Now this is important. T-com knows it, but not all the other readers of this text yet do.

The time that I am online usually measures in a few minutes per day. Some days just a little longer but it still hardly amounts to say one hour, per day. Very rarely, but very rarely, and I mean very rarely, do I stay longer yet online.

For all the rest of the time, I am offline.

For completeness, there is just the IPTV the Croatian T-com's brand name for it being MaxTV. However, if any emails whatsoever get to be sent from it, it can only be up to you, T-com. As far as I go, I have not, and don't intend to use the internet surfing option or any option close to emailing, that it may provide.

For completeness, likewise, anything that may happen with the adsl-router is up to you as well, you check those.

It is, however, true that in some of those periods that I am online, I, as yet, do not have complete control. But please read on; and do not take this nor any other of my claims out of context.

Because no, I'm not saying that I lack control for those short periods, short intervals online in my rare-presence-online days. Those I can mostly see through what exactly happened... Mostly I have those under my control, although even there a stretch here or there is sadly possible where I may not be able to know what exactly happened...

But I am talking about the lack of control to a major extent only for my time online in those rare longer periods that I am online. There, sadly, sometimes I still can not put all the pieces together as to who and what might have intruded and done what exactly...

I intend to learn to deal with that, so I may improve in that respect, in the future.

However, notice again, that those, the longer periods of my being on-line, have been rare.

Dear T-com, allow me to point out, here, to you, that I probably don't need to bother particularly about your advice on viruses and trojans. I'll explain, even though that advice of yours is a usual bugbear that can be used by providers in their sleazy setups on politically dissenting users like me...

(Just for more of completeness, as far as viruses and trojans go, no, ClamAV, which I sometimes run, doesn't find real viruses nor trojans in my computers, just the usual unavoidable Structurals and Heuristics and the like.)

So let me, as I said, explain. I keep my computers that I allow online, strictly only online. They don't see any of the computers which live on my SOHO at all. And vice versa, the computers communicating between themselves on the SOHO don't see those that are allowed online at all. Not through wire, let alone through wireless, and also little or no use of media unsafe by design such as USB sticks, to not go into detail.

Hard and arduous air-gapping I apply. And cloning, as you can read about in:

There is also my "Air-Gapped Debian Install for Newbies" tip on Debian Forums in the Tips and Tricks section.

The cloning that I use may not protect me from some mass-surveillance and mass-control retail Stuxnet kind of virus (oh, it's those M$ Hotmail, and gmail and yahoo that you mention you would allow me to use, that know so well about the mass-surveillance and control, those gmails and yahoos and M$ hotmails and the likes, so let's not bother here, just don't tell me you don't know what I am talking about)...

But while if, say, you or UDBA (the secret service in Tito's Yugoslavia, of Tito the Slaughterer and the Oppressor of Croats; it's past, but the neocommunists still holding the reins of power, like Milanović and Josipović, both sons of Titoist worse followers, we then still call the secret service in Croatia UDBA just the same)...

But I was saying, while my methods can not protect me from some very intricate and elaborate retail Stuxnet kind of virus if, say, you or UDBA decide to plant something in my computer, something like some such virus (and, again, sure you can ask Google the Surveillance Engine about those), still these methods of mine most certainly provide a very reliable way of restoring my system into a clean state. Because I build my system in the SOHO that sees no internet whatsoever and I use the best methods there are for Air-Gapping.

It's pretty technical for average readers (and I do hope my connationals will read this, as there we have bright young men and women that can follow here just fine), but it's the emerge-webrsync and portage snapshots and a local mirror, the methods that I use and which are superb methods, matchless methods, and so nothing goes into my quiet and humming SOHO easily to corrupt and plant viruses...

But I was saying, while my methods might not be an impenetrable barrier for retail Schmoog the Surveillance Engine Snooper Secret Service Friend Big Octopus of the Internet whose tentacles no one can avoid for long...

I was saying, while my methods are not a completely impenetrable barrier, aren't you, my provider, Croatian T-com, there to provide some additional barrier for my safety and not instead add difficulty to the equation as you seem to do?

Please, do prove to me that you want to help, and not aggravate.

I'll suggest to you a way to do so now.

Because, back to talking about what might have happened in the rare cases when I didn't have complete insight into what might have happened during my stay online, on the bright side of things, I really can investigate that which might have happened. Because I take network captures of what happened online with my computer...

Unless you, dear T-com, want to keep your claim unsubstantiated, such as if you have rigged it in collusion with some snoopers of the internet that rig people for reasons such as persecution of activists and political opponents, that is: unless your claim really has no meat, we can, together, find out, maybe even precisely, what happened, and when that exact what happened, by means of which intrusion into which of my computers it happened, and similar.

I certainly do hope that you either will not stick to your claim if it has no meat, or that you will help me understand when exactly which email, and to whom, was sent from some of my computers.

Because, as I said, I take network captures and keep pretty comprehensive logs anyhow, and especially of my time online, so I don't think you can go with a complete non-disclosure regarding which email was sent and when from my connection to your servers when I went online.

I can really tell you with some likelihood, that if you give me the time when that mail was, or times when those mails were, sent from some of my computers connected to your servers, that I am likely to give you more data as to whence the intrusion came.

Namely, I just very rarely go online without a complete network capture, along with screencasting what I do online, and more. (And, again, even that is about to hopefully improve for the better.)

So, dear T-com, do dress your claim with some meat and let's solve this problem.

I really hope for your sensible reply.

I want to stress only one last thing that to any reasonable reader sticks way out of the strange abuse claims by my provider here.

Dear T-com, I don't have any problems that you ban any other mail server but your own, mail.t-com.hr, and pls. take good notice, and:

As far as the email address goes, I can not accept that you ban me from using my miro.rovis@croatiafidelis.hr unless spam has been sent from there, which I don't think you could get http://www.plus.hr to accept such accusation of on your part. No! No spam has been sent from miro.rovis@croatiafidelis.hr, unless you or the Internet's own despicable Octopus set up some medium level Stuxnet kind against them, to purposefully find them at fault!

Do ban everything else, if you really have to, just give me back my freaking freedom to use what I pay for!

Thank you!

And thank you, Gentoo community. Surveillance-free FOSS Linux is best built with Gentoo!

Pls bear with me, this is stressful, freedom endangering, time consuming, and it is breaking my back, and all this after about a week of high fever illness that drained my strength up until a few days ago.

Dear Gentoo community, do report this page if this isn't sufficiently in your view about Gentoo, and if most of the senior members decide that it is not acceptable, I will remove it with a link to this text that you currently read underneath the:

Postfix smtp-tls-wrapper, Bkp/Cloning Mthd, A Zerk Provider
(link given the second and last time in this text a few lines above)

I will not oppose if a few senior members decide this text does not belong here, but will comply. Pls. give me a few hours in that case. My back is a little broken with all the effort, and my nerves a little shattered. Thank you.

This text, on the other hand, is identical with what I am about to send to Croatian T-com. First though, I posted it on Gentoo Forums. Those are freaking dangerous bunch of control freaks, you really don't know how they will react. So I have to beg you for more time, in case I get really, really censored by them and can't even get to Gentoo Forums (although that is hopefully not so likely).

Do notice, again, that, with time, not promptly, I intend to deploy here issues more technical and more fitting for the Gentoo Forums. There should not be much social stuff at all next for quite a while here from me in this topic but rather really techie stuff, network packets and stories and queries and research... With time, Vis Major (Latin), permitting...

Last edited by miroR on Sun Jan 18, 2015 8:37 pm; edited 2 times in total

Pls. read also the "Update no.1" at:
(this same topic)
https://forums.gentoo.org/viewtopic-t-999436.html#7895428
and just imagine how this clickjacking would have been plain and undeniable if I had known at the time of my dumpcap'ing and screencasting of these files in this post you are reading, what I know now, by the time of that update just linked to.
---
Here's something yummy from my analysis of my latest surfing some two days:

EDIT Thu 5 Feb 00:21:30 CET 2015 START
Perhaps some additional explanation, together with an insight into the road that I traveled since I started understanding these matters, can be read in my old topic that I revisited today:

I absolutely now first need to secure what Grsecurity can not do via kernel hardening (and where it does a marvelous job), but I need to properly deploy Gradm policies and all, id est the grsecurity RBAC system. This is currently the major weakness in my system... Racing against time... (but at a slow pace, I work so sloowly...)

So of course my goal is to, some day, hopefully before I'm of the age of Methuselah, Vis Major allowing, learn to use TLS Forward Secrecy.

I just had to post this, it fits here, for free people from me, free thinking oldish man Miroslav Rovis.

I mean when am I going to learn to decrypt and read the encrypted conversations that those surveillors do on my computer when I'm online? Can you when they sniff into your machines? Only really Seniors even in Gentoo, can, I'm afraid.

My problems with the provider may be nearing Chinese style clampdown on dissidents, and it seems to me it is being performed by means of deploying Chinese programs developed for that purpose. It seems to me they're deploying those programs on me at level designed for potentially knowledgeable, and in their eyes, pretty obnoxious users.

There was a longer intro here, a plead for some patience to Moderators concerning my style of writing, and you can hopefully (some kind of sly censorship never to exclude) still read it from http://www.CroatiaFidelis.hr:

As you can see, I really thought almost that PaX was at fault, and that it was a false positive "bruteforce prevention initiated" and so I... (I did at very first believe what PaX said in the logs, and only after some while doubted...)

So, rethinking that it was a false positive I even decided, while preparing it, for the initial title of this post from something that I, initially, at the very first, thought should contain the "bruteforce" word in it, to "PAX terminating task on /usr/bin/gdb", but I might yet go back. I might yet go back on that one!

These Wizards there at grsecurity and Pax I think they know all the reasons for what they write in their code...

But let me tell you what made me rethink the very first impression that it was an attack (which I am rethinking back to in these days of intense research).

I build my Gentoo system in air-gapped conditions. It's a poor user's air gap, not an expert one, as neither do I know all the tricks and arcane knowledge nor do I have means to pay for expert work.

My master Gentoo system that I build is never connected to the internet. I have another, same MBO and same HDD capacity system onto which I clone the air-gapped master, via disk dumping (with the command "dd") the system partitions of the master and restoring them onto the clone, and doing some reconfiguration, not so much, and the clone, on its part, never sees the SOHO via wired or wireless.

However, the data that I need for my SOHO, and which I can obviously only get by means of the cloned system from the internet, that data need to be transferred somehow.

Wireless -- too dangerous, so much risk that I have it disabled in the T-com (the local Croatian provider) ADSL router and never use it anyway, neither in the smartphone which I also basically disabled completely (only the Regime can still tap me on it, or if they engage some cracker thugs by giving them the information, namely it has an old chipcard inside, just so I can use its sound recorder or camera; you can't otherwise! the freaking Schmoog! -- it's an old Samsung Galaxy, unFOSSed Linux in it, total surveillance... It does concern the topic: you enable wireless on such, and on your router, and they can get into your machine).

And neither do I use wired connection to my SOHO via Ethernet card from this cloned online system.

But I use BluRay discs to transfer my data. I take the hashes of what I prepare for transfer, and check them after the transfer. Never any mismatches, or very rarely, by some mistake of my own.

I also check for rootkits with rkhunter, but I did notice that there hasn't been any updates in the rootkit sourceforge.net central database (I ran rkhunter --update when online a day or two ago, rkhunter had databases up to date, and my system is nearing 2 months without update)... I am sure the zero day people from say Daly Dave mailing list

CHECK Daly Dave
LINK HERE

could tell us more about it, if somebody found a kind and effective way to ask them. To me, this does look strange. People no more inventing rootkits? Or there has been more development beneath the tip of the iceberg on which the rkhunter remains, unable to cope with all of it? It can't cope because things in rootkit tech have gone so perfect as to steal the lustre from and make the perfection of the old Stuxnet look pale?... I don't know.

I rechecked the Maildir (I did check the entire system, but the Maildir is usually the most risky) for viruses where I receive mail, and (this is why I am explaining about it) which I transfer via BluRay discs burning, onto my master system, where I keep another, safer copy of the Mailbox from the online machine.

For the people visiting this topic because they are building their mailing programs for Air-Gapped, I can explain this, because it is really a great thing to have your mail safe and away from the online machine. But I'll make a separate post only about it.

Both those instances of the same Maildir (the online one and the one in my master machine) had the same 21 viruses found, but they're the kind that is not even searched for by default, which means if I didn't set the phishing, structured and pua flags on, there would be no viruses found.

/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409660799.M481148P16773V0000000000000803I00000000003EB308_0.gbn,S=30495:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409661126.M741000P16239V0000000000000803I00000000003EC23E_0.gbn,S=5354:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409660834.M916487P20186V0000000000000803I00000000003EB427_0.gbn,S=9662:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409660799.M890073P16809V0000000000000803I00000000003EB30B_0.gbn,S=33209:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409660799.M192096P16749V0000000000000803I00000000003EB306_0.gbn,S=29340:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1421249417.M1558P8325V0000000000000803I0000000000029AD0_0.g0n,S=80104:2,Sa: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409660834.M781261P20174V0000000000000803I00000000003EB426_0.gbn,S=14447:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409661273.M40629P30460V0000000000000803I00000000003EC6DC_0.gbn,S=14369:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409661274.M138345P30569V0000000000000803I00000000003EC6E5_0.gbn,S=7857:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1409661126.M852229P16251V0000000000000803I00000000003EC23F_0.gbn,S=3035:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.postfix-users@postfixorg/cur/1418256470.M768147P8390V0000000000000803I00000000000E1AAC_0.g0n,S=20653:2,Sa: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr.dovecotdovecotorg/cur/1409661698.M854674P6697V0000000000000803I00000000003ED413_0.gbn,S=12666:2,S: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mrovis@inethr.djecamedjugorja@gmailcom/new/1409660007.M193551P7033V0000000000000803I00000000003E9A29_0.gbn,S=3509948: Heuristics.Structured.CreditCardNumber FOUND
/home/miro/Maildir/.mrovis@inethr.djecamedjugorja@gmailcom/new/1409660003.M444410P6973V0000000000000803I00000000003E9A24_0.gbn,S=3403175: Heuristics.Structured.CreditCardNumber FOUND
/home/miro/Maildir/.mrovis@inethr.djecamedjugorja@gmailcom/new/1409660005.M350589P6997V0000000000000803I00000000003E9A26_0.gbn,S=4132191: Heuristics.Structured.CreditCardNumber FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr/cur/1409660626.M301958P621V0000000000000803I00000000003EAD7C_0.gbn,S=6654:2,: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr/cur/1409660626.M187430P613V0000000000000803I00000000003EAD7B_0.gbn,S=4872:2,: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mirorovis@croatiafidelishr/cur/1409660626.M58667P605V0000000000000803I00000000003EAD7A_0.gbn,S=8173:2,: Heuristics.Structured.SSN FOUND
/home/miro/Maildir/.mrovis@inethr/cur/1409659364.M345146P13521V0000000000000803I00000000003E10EA_0.gbn,S=4364:2,S: PUA.Phishing.Bank FOUND
/home/miro/Maildir/.mrovis@inethr/cur/1409659372.M161293P13978V0000000000000803I00000000003E1123_0.gbn,S=4453:2,S: PUA.Phishing.Bank FOUND
/home/miro/Maildir/.mrovis@inethr/cur/1409659429.M54245P16709V0000000000000803I00000000003E128A_0.gbn,S=1437069:2,: PUA.Win32.Packer.Upx-48 FOUND

It happened during my 21 minutes of paying online, via the service of the name "Internet banking" from http://www.zaba.hr , Zagrebačka banka (name of the bank --robbers like most of the bankers-- which in Croatian stands for Zagrebian bank).

========= MOVE THESE START =============
Zagreb has an honest leftist mayor, Milan Bandić, whom many rightwingers like me support as he is a true Patriot and did so many good things in Zagreb, but he was rigged by the Regime, sent to jail innocent, and hardly made it out to fight the legal battle from freedom against the Traitors.

The message to Elektra, the power company, which overcharged me purposefully; running the machines on my SOHO cost me more for some six months than I really spent simply because they decided to play a prank with the bills of overcharging the poor user Miro. But they now need to return the money, and the deadline for me to let them know that I want the moneys and not for them to keep it and pay my next bills with those moneys is within two or three days from now if I calculate correctly.
========= MOVE THESE END =============

The mail to Elektra is important to me, as they need to return some overpaid money to me, and then I will finally be able to buy a 4TB HDD and work on the really kind advice that NeddySeagoon gave me on:

However, T-com doesn't know yet that I got the logs that, especially the first message to Elektra, was regularly accepted by their servers and queued for delivery to Elektra. At this time they probably think that I don't have the logs in that regard. Not until they read here. And the problem is they may have decided to send it to spam (just see previous posts, about Iskon, my previous provider, and about this T-com, the current one), and if they sent it to spam then I don't get the money! Which they probably would not do, if they knew that I would expose them on it.

And they likely think that I don't know that the mails were accepted, because these emails were sent via a special use of TLSv1, which I believe readers will find very curious. In a minute about that.

But first the dropped packets, which I've started explaining now for the third and final time in this post.

Again, it's a risk to give data unaltered in any way which I will do now, but the overhead of pondering over which exact info to hide is more time than I can afford (such as when I remember how I need to finally save my partly overwritten luks volume)...

All the packets containing the string mrfw_drop from the messages-20150201 syslog-ng log are available from:

(but I need yet decide if I can post it, or probably hex-edit some first and and then post it)

), but 173.194.112.0/24 are the Schmoog really (pagead-googlehosted.l.google.com . Wow! this's the first time in this topic after the open email to T-com --I mention it there three times!-- that I use the word for Schmoog! Dija see that?)... In other words exactly at the time I was paying my bills online, the code veiled with the ad on the freaking Zaba bank's page decided it needed to play its fishy packet on my computer.

Here are the packets that my machine received/sent from/to Schmoog (just displayed only that connection from the above dump_150131_0232_g0n_Zaba.pcap file in Wireshark and saved that):

is ssl-google-analytics.l.google.com (Wow! this's the second time in this topic after the open email to T-com --I mention it there three times!-- that I use the word for Schmoog!). These guys are behaving like the real pests of the internet. Hard to kill (the *nix word for making processes die, no real life, only pun).

And there was also this one packet that was dropped and which wasn't of the "SRC=10.16.96.1 DST=224.0.0.1" kind. (

BTW, that "SRC=10.16.96.1 DST=224.0.0.1" I think is my IPTV connection --branded MaxTV by Croatian T-com--, but what is interesting about those many lines of logged and then dropped packets from the IPTV connection is that at most of those times I wasn't watching it on my old Hauppauge card. Never mind for now.
)

[So there was also] this one packet that was dropped and which wasn't the IPTV src/dst, during the time I was paying online on http://www.zaba.hr :

where 195.29.150.5 is mail.t-com.hr, and here we go what users knowledgeable enough, and in Gentoo and generally FOSS Linux and the whole of the *nixdom there's a host of such, may find interesting:

There are no data about the two emails, which I explained above to whom and why I sent them, that a poor user like me could, as we usually can, recover in the pcapng network capture dumps! I didn't recover those data with the Wireshark and/or its gentle suite of programs! No such thing as "miroslav.FAKE@zg.ht.hr" or "ElektraZagreb@hep.hr"or "Ok: queued as" for the naked eye to see in the entire capture dump!

Feel free to find such unencrypted strings if you can in the capture file:

Or if you're a Senior, teach us how us poor users can decrypt and read such conversations!

Nope, of the 39 packets that pertain to the conversation btwn my machine and mail.t-com.hr, the packets:

Code:

22, 23, 24, 25, 28, 30

encrypted with the old TLSv1, that I expect contain those data with strings "miro.FAKE@zg.ht.hr" and "ElektraZagreb@hep.hr" and "Ok: queued as", as was similarly the case --just the To: address was: "support@plus.hr" and the From: was: mrovis.fake@croatiafidelis.hr and the provider was Iskon-- and which can be searched and read on:

(as you can see I decided to give to that text file the infix _PRIVATE, and that is because I have an inclination to believe that the Chinese regime's IT wisdom has been used; I'm yet far from explaining that, many other aspects are needed to be explained first, sorry for the delay!)

However I offer you here where those strings "miro.FAKE@zg.ht.hr" and "ElektraZagreb@hep.hr" and "Ok: queued as" should be (as they are in any normal sending/receiving) visible (but are not visible) for me the poor user to see.

The information that the user sees in normal free mail server applications such as Postfix server or even Exim server, Courier server, Dovecot server (if I understand correctly), he/she does not see in this (I guess, Chinese, but pls. wait, it's a guess as I say in the opening paragraph of this post) private server. That information I believe is encrypted in those

Code:

Encrypted Application Data: ...[snip]...

The packet 34 is colored red in my Wireshark display, and the packets 35-39 are colored black and described as Spurious Retransmission.

Code:

Notice that it coincides with the mrfw_drop line from /var/log/messages reported time:

One would think that if this packet, whether a bad packet or a good packet that should have been allowed (I don't have much idea about that yet), which was dropped and only logged, had been accepted, then those red and black colored packets would have been accepted normally instead.

But, two things.

First, this is where PAX terminates the gdb process, apparently every time an email is sent via smtp to the server.

And second, it happens with the local mail delivery.

But where then did I get my information and how then do I know that the message was sent, and when and how?

Some of the answers have been hinted in my new topic on Grsecurity Forums:

contains excerpt from that system log, taken during my 21 minutes internet banking bout of online paying of my bills, just the part of it when my message to ElektraZagreb@hep.hr, for the return of the moneys they (very likely deliberately) overcharged, was sent (by Postfix flushing the mailqueue without my manually doing anything).

contains excerpt from that system log, taken during my 6 minutes posting to Grsecurity Forums. just the part of it when my message to centarzakorisnike@zgh.hr was sent (with a short message of support for the treacherously, hyenatically persecuted good mayor of Zagreb Milan Bandić). It was also sent by Postfix flushing the mailqueue without me even being aware of it at the time.

---
I still haven't finished this. Just a little more removing is to be done of "political" text, but I believe it is best that I now first post the files.

Continuing after I take some rest. Don't forget that every time I go online, for me, as yet, it takes a dozen or a few dozen times longer checking up what happened online.

If anything is missing, check if it is a typo by opening this page, maybe it's there:

Below is correct publictimestamp, but for the previous version of this post. I'll publictimestamp this the one last time when I finish this, Vis Major allowing, in a few hours.
#======= cut off from this line to end if verifying hashes =======
#File corresponding to this post: Gen_150202_Postfix-Zerk_T-com.txt,
#has Publictimestamp # 1255298
#--
#publictimestamp.org/ptb/PTB-22746 sha256 2015-02-02 21:01:45
#CFC18F14FD724FA49C7868933F2F4B11C0F69E79B13CDE8CDCCADA14588F1C60

Last edited by miroR on Thu Feb 05, 2015 1:04 am; edited 1 time in total

For people that visit this topic as they're choosing/configuring their mailing programs for Air-Gapped Installs

To get my mail, I use Getmail. It's very probably the best, better than the old Fetchmail. Lean and mean, never any issues, after my initial ineptitude about it.

The mail that Getmail fetches needs to be dropped into proper mailboxes. For that I use (Courier) Maildrop. Just great!

Maildir is surely the mailbox type to use nowadays. And I serve them to Mutt with Dovecot via TLS login.
EDIT 2015-09-22 00:26+02:00:
No Dovecot is better probably. Currently in the process of removing it. Does not work so great with Mutt.
(But I'm leaving the old text intact around this and another note below.)
EDIT END
This is how the login looks.

Mutt I'd never change for any other mailer, even though I'm not yet at advanced stage of using it.

And I use Postfix for sending mail only (not the server, just the client). Lots of people use that setup nowadays.

If you have the same configuration (just the few things I reconfigured in the clone from the master configuration once I restore the master system partitions onto the clone with dd, such as the hostname and the SOHO address; the clone needs to have the SOHO address, regardless of not seeing any SOHO, so that Apache can serve documents from /usr/share/doc/ for you, or if you have cgit serving you git archives, you also need it)...

If you have the same configuration, and in my Air-Gapped method you can't have much difference at all between the clone and the master, unless you heavily depart from the same MBO, same-or-similar-other-hardware rule, in which case good luck to you. To have your safe Maildir copy, which even remembers in Mutt what post you saw and which is new, which has already been answered and all, really exactly the same copy as in the master, you need to copy the Maildir (I have the Sent and the Drafts in it too for that reason), and the .getmail folder, and the .mailfilter.log and, most importantly, the .duplicate.cache file.

The .duplicate.cache file belongs to Maildrop. If you don't delete on the server straight what Getmail fetches and delivers to Maildrop (and leaving it on the server sometimes might be necessary or safer, esp. for newbies familiarizing with these mailing programs), you will end up re-downloading same mail, and having duplicates in your mailbox, which is very annoying.

I posted my Maildrop .mailfilter configuration file both on the Mutt mailing list and on the Maildrop mailing list. Can't search for it now, but you should be able to find it by my name, it's unique enough: Miroslav Rovis. Also about what is necessary about Getmail, where I solved some issues and posted about them. You can find it in the same way.

EDIT 2015-09-22 00:29+02:00:
It's, if I manage to keep my NGO's www.CroatiaFidelis.hr, still (but signed with my revoked key that I used then; signature is good though) at:

For those of the readers who have followed this topic, and seen the censorship on me, as well as the intrusions, clearly proven in the posts above, there has been a new filtering of an important activation message by my provider on me, and I am unable to access the Sleuthkit Forum because of that censorship.

I'll post, if you want, the name of whoever will, hopefully, help me, or I'll keep you anonymous if you like that better (but do tell me so when you help me), but if this problem has been solved, a notice will be right on top of that link to that partly overwritten luks volume recovery topic. You don't have to be a Gentoo Forums member to help, anyone with freedom to use email can help me.

Previously at the address of this post there was a post misplaced by me. I actually like it better it having been so, as I can trust Gentoo, in among so much on the internet that I can not and should not trust.

And now the post is useful, while previously it was unclear, misposted like it was.

should have appeared hours ago, and I don't see it even now (2015-05-12 15:46+02:00).

Along the way there'll be a lot of learning for me and for hopefully some newbies.

If anybody from Devuan (both those are Devuan Mailing Lists, the first is my subscription with miro.rovis@croatiafidelis.hr address, and the second is my message from my miroslav.rovis1@zg.ht.hr address), [if anybody from Devuan] are reading this, if you care for another possible contributor, pls. give the address of this post to, best, the Devuan ML:

If Devuan takes off and learns to fly, and if they, this is important, and I'll point them over to these words of mine...

And if they offer a no-dbus Devuan, which I am not certain it is among their objectives; but if they do, then you may even not see much of me, because then I may get my little free time that I have, I can then start using that time for Devuan only...

and refresh the thread with that message, but no messages whatsoever appear? And I try exactly when I said two days ago, that I couldn't see my message appear there:

miroR wrote:

[...]should have appeared hours ago, and I don't see it even now (2015-05-12 15:46+02:00).

Easy, isn't it, you kind and loving T-com very clever playful admins, it was very easy to wind up someone like me. Just keep the old cached page for my IP-address for more than four (4) hours, almost five (5) hours! How easy! That's what providers are about: for fooling their users, right!

I'll try and check with the brothers at Devuan, and see if they can find any errors with the lurker that they publish the messages with, just in case, but if I find time... No, that is so unlikely, and is another expenditure of time... Low priority.

This case is already useful for people looking how to deal unharmed with "clever" providers, I hope.

Just for this article to contain complete info on cloning, these dumps (only
two) suffice for me to clone the system onto another same size/model HDD on
same model MBO computer. After, in case of an empty, for being zeroed out, or
for being new, HDD, having created the exact same gpt partitions on it, as
previously shown, I just run:

On the other hand, what is necessary to do, if one wants to identify a
particular something of any kind of electronic document, and that huge 70G
file is one single electronic entity too... What is necessary to do, is
identify these partitions by calculating their checksum.

That is, those two partitions, very real ones, are the sole ones in extremely great likelihood in the whole of the universe to have those hashes. Any mathematician will tell you that. Well, the universe, Einstein is reported to have said, he was not sure was infinite, but the chances are so unimaginably slim that anything else in the, say, world, has sensically those numbers in any case.
...

I have, after months and months of using this method, only recently figured out one thing. It's so marvelous to me, how you can copy these huge amounts of bits, and that every single bit be in its proper place... but...

But I never thought you can check the SHA256 (or any other hashes for that matter), on the device itself.

What you can do and be near absolutely certain that you cloned/restored your system faultlessly, after you do:

Code:

sha256sum /dev/sda[23] > dd_E0904_n4m3_sda.sum

Surely, if these latter sums match the one taken when you dumped them.

And another note. I now use MD5SUMS, not SHA256SUMS, because Sleuthkit (see http://www.sleuthkit.org and the Sleuthkit Forums) uses those. It's faster, and even NSA would have it too expensive with their quantum PC's to forge even MD5 sums.

I'm really sorry, but I don't have time to reply to someone claiming how raid is used for backup of a system (if that post is still the last before this one, and with that same content by the time you, gentle reader, visit here)... If anybody cares, just do "man raid" and read a little first. Including the poster.
--
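The dd cloning and per-partition checksum verification described in the post above, written up as an added example (this is not the poster's own script): the sum file is taken when the master partitions are dumped, and the clone is re-hashed against it, with the device prefix rewritten in case the restored disk shows up under another name. The `record_sums`/`verify_clone` names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the forum posts): record per-partition SHA-256 sums
# at dump time, then verify a dd-restored clone against them. The helpers take
# block devices (/dev/sda2) or image files; the demo uses constructed sample
# files so it runs without root or real disks.

# record_sums SUMFILE PATH...   write a sha256sum-format list for the given paths
record_sums() {
  _sumfile=$1; shift
  sha256sum "$@" > "$_sumfile"
}

# verify_clone SUMFILE ORIG_PREFIX CLONE_PREFIX
# The sum file names the master's partitions (e.g. /dev/sda2); on the clone the
# same partitions may show up under another name (e.g. /dev/sdb2), so the
# prefix is rewritten before `sha256sum -c` re-hashes every listed target.
# A whole-partition hash only matches if the target has byte-identical size
# and content, which is exactly what a faithful dd restore onto identically
# sized gpt partitions gives you. Returns 0 only if every hash matches.
verify_clone() {
  _sumfile=$1; _orig=$2; _clone=$3
  sed "s|  $_orig|  $_clone|" "$_sumfile" | sha256sum -c --quiet --strict >/dev/null 2>&1
}

# Demo on constructed data: "master" partitions, a faithful clone, and a clone
# with one flipped byte in the second partition.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/master" "$d/good" "$d/bad"
  printf 'root partition bytes\n' > "$d/master/sda2"
  printf 'home partition bytes\n' > "$d/master/sda3"
  cp "$d/master/sda2" "$d/master/sda3" "$d/good/"
  cp "$d/master/sda2" "$d/bad/"
  printf 'home partition bytez\n' > "$d/bad/sda3"   # one corrupted byte
  record_sums "$d/dd_sda.sum" "$d/master/sda2" "$d/master/sda3"
  verify_clone "$d/dd_sda.sum" "$d/master/" "$d/good/" && good=ok || good=FAIL
  verify_clone "$d/dd_sda.sum" "$d/master/" "$d/bad/"  && bad=ok  || bad=FAIL
  rm -rf "$d"
  echo "faithful clone: $good, corrupted clone: $bad"
  [ "$good" = ok ] && [ "$bad" = FAIL ]
}

demo
```

On a real restore the same two calls take `/dev/sda2 /dev/sda3` for the record step and prefixes such as `/dev/sda` and `/dev/sdb` for the check, run as root.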
Is that not a good thing for Gentoo, being this topic on top if one searches for

Code:

postfix censorship

(just those two words entered into the form) on: https://duckduckgo.com
and gets a web location on Gentoo Forums at the top of all the finds? Because those two words' search on "ddg.gg" gets you to this topic of mine of Gentoo Forums, first thing found.

(I couldn't care for the Schmoog --the Google-- they're a dirty intrusion into FOSS --in their real interior--, as they have cooperated, and likely do cooperate, far too much with the NSA. Don't ever google, always duck for the information!)

---

Update no. 1:
=================
This is the first update to do, regarding this post of the topic you are reading:

You can see my script, and maybe tell the holes you see in it, if any there are (no, I'm not daring you, there could be some, I'm still struggling to gain really good understanding in these matters...):

Is that not a good thing for Gentoo, being this topic on top if one searches for postfix censorship

No one in their right mind would search for such a phrase on an American-owned clearnet search engine, and it's terrible that the paranoiacs who do so are now being directed to further disrupt this Linux tech support forum.

Or maybe this was part of your COINTELPRO-esque attack plan against this site all along?